🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > apple502j

apple502j

All Time Ranking

126

All Time Discoveries

Showing 1-20 of 126 Vulnerabilities

Yes/No Chart < 1.0.12 - Authenticated SQL Injection

6.5

CVE-2021-24360

May 31, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Prismatic <= 2.7 - Stored Cross-Site Scripting

5.4

CVE-2021-24408

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Prismatic <= 2.7 - Reflected Cross-Site Scripting

6.1

CVE-2021-24409

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Simple Sort&Search <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-24433

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Browser Screenshots < 1.7.6 - Stored Cross-Site Scripting

5.4

CVE-2021-24439

Jun 21, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

WP Image Zoom <= 1.46 - Local File Inclusion

5.3

CVE-2021-24447

Jun 23, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Yada Wiki <= 3.4 - Stored Cross-Site Scripting

5.4

CVE-2021-24470

Jun 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

YouTube Embed, Playlist and Popup <= 2.3.8 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24464

Jun 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

User Profile Picture < 2.6.0 - Authenticated Insecure Direct Object Reference

4.3

CVE-2021-24473

Jun 28, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Leaflet Map <= 2.23.3 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24468

Jul 1, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Leaflet Map < 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2021-24467

Jul 1, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.4

CVE-2021-24503

Jul 5, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Page View Counts <= 2.4.8 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24509

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Remove Footer Credit <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2021-24446

Jul 12, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Wonder PDF Embed <= 1.6 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24541

Jul 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Wonder Video Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2021-24540

Jul 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

YouTube Embed <= 5.2.1 - Contributor+ Stored Cross-Site Scripting

6.4

CVE-2021-24471

Jul 19, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Simple Social Media Share Buttons <= 3.2.2 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24486

Jul 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Slider Hero with Animation, Video Background & Intro Maker <= 8.2.6 - SQL Injection

8.8

CVE-2021-24506

Jul 26, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

PDF.js Viewer <= 2.0.1 - Contributor+ Stored Cross-Site Scripting

5.4

CVE-2021-24759

Aug 11, 2021

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Yes/No Chart < 1.0.12 - Authenticated SQL Injection	CVE-2021-24360	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	May 31, 2021
Prismatic <= 2.7 - Stored Cross-Site Scripting	CVE-2021-24408	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	June 21, 2021
Prismatic <= 2.7 - Reflected Cross-Site Scripting	CVE-2021-24409	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	June 21, 2021
Simple Sort&Search <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24433	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 21, 2021
Browser Screenshots < 1.7.6 - Stored Cross-Site Scripting	CVE-2021-24439	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	June 21, 2021
WP Image Zoom <= 1.46 - Local File Inclusion	CVE-2021-24447	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 23, 2021
Yada Wiki <= 3.4 - Stored Cross-Site Scripting	CVE-2021-24470	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	June 28, 2021
YouTube Embed, Playlist and Popup <= 2.3.8 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24464	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	June 28, 2021
User Profile Picture < 2.6.0 - Authenticated Insecure Direct Object Reference	CVE-2021-24473	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 28, 2021
Leaflet Map <= 2.23.3 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24468	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 1, 2021
Leaflet Map < 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2021-24467	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 1, 2021
Popular Brand Icons - Simple Icons <= 2.7.7 - Authenticated Cross-Site Scripting	CVE-2021-24503	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	July 5, 2021
Page View Counts <= 2.4.8 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24509	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	July 12, 2021
Remove Footer Credit <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2021-24446	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	July 12, 2021
Wonder PDF Embed <= 1.6 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24541	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 19, 2021
Wonder Video Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2021-24540	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 19, 2021
YouTube Embed <= 5.2.1 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24471	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	July 19, 2021
Simple Social Media Share Buttons <= 3.2.2 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24486	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	July 26, 2021
Slider Hero with Animation, Video Background & Intro Maker <= 8.2.6 - SQL Injection	CVE-2021-24506	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	July 26, 2021
PDF.js Viewer <= 2.0.1 - Contributor+ Stored Cross-Site Scripting	CVE-2021-24759	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	August 11, 2021

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation